Ponemon Institute is pleased to present the results of Risky Business: How Company Insiders1 Put High Value Information at Risk, sponsored by Fasoo. The purpose of this study is to understand what activities put business-critical information at risk in the workplace. Based on the findings of this research, employees and other insiders often lack the information, conscientiousness and guidance needed to make intelligent decisions about the information they have access to and share. In fact, companies are more confident they can stop external attackers from accessing confidential information than their own employees and contractors.
We surveyed 637 IT and IT security practitioners who are familiar with their organization’s approach to securing confidential information contained in documents and files. All organizations represented in this research use document and file-level security tools. In the context of this study, high value information could be trade secrets, new product designs, merger and acquisition activity, confidential business and financial information, and employee information. The loss or theft of such information would be catastrophic for a company and affect its sustainability.
Safeguarding high value information in organizations is a two-way street. Employees need to be responsible and follow data protection policies and safeguards in place. In turn, companies need to have the tools, expertise and governance practices to protect sensitive and confidential information.